Hello there!i have a problem witn metasploit i dont wich of payloads is best for my exploit ( i know the server vulnerabilite and i sure about my expliot )and when i use "show payloads" command i see a lot of compatible payloads please help me to find the best payload

On Windows, a meterpreter is always better because all windows post modules support it (plus tons of features). It also communicates in SSL, so that adds a bit more stealth. On Linux though, it's a different story, honestly you're probably better off with a non-meterpreter shell, because the Linux meterpreter isn't as good as the windows one.

reverse vs bind... come to think about it, I almost never use bind these days on a machine behind a firewall. But people do use bind shells.

By the way, when you select an exploit, and do "show payloads" -- that will only show all the payloads compatible with that particular exploit. If you're testing a web app exploit, keep in mind php/exec might not return an output (even though the command ran successfully).

If you're still clueless about which payload to use, just use a reverse meterpreter like everybody else has been recommending.

Lastly, perhaps you should consider asking Metasploit questions on #metasploit in freenode, so the actual metasploit dev team can answer your questions more quickly.

And yes... I did sign up for an account here just to answer your question.

Last edited by msfsinn3r on Sat Nov 12, 2011 6:42 pm, edited 1 time in total.